Data loss is a growing risk managed file transfer can help
Sponsored Links
This presentation is the property of its rightful owner.
1 / 24

Data Loss Is a Growing Risk… Managed File Transfer Can Help PowerPoint PPT Presentation


  • 115 Views
  • Uploaded on
  • Presentation posted in: General

Data Loss Is a Growing Risk… Managed File Transfer Can Help. Tony Perri, CISSP Solutions Architect Ipswitch File Transfer. Data loss is a growing risk. Companies are collecting, storing, and transferring more and more data. Collecting Data:

Download Presentation

Data Loss Is a Growing Risk… Managed File Transfer Can Help

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Data Loss Is a Growing Risk…Managed File Transfer Can Help

Tony Perri, CISSP

Solutions Architect

Ipswitch File Transfer


Data loss is a growing risk

  • Companies are collecting, storing, and transferring more and more data.

    • Collecting Data:

      • How many times have you filled out a Web form with personal information such as your name, address, date of birth, phone number, credit card number, etc.

    • Storing Data:

      • This data is “king” for companies looking to better understand their customers and their markets, so this data is stored and subsequently analyzed.

    • Transferring Data:

      • The “pace” of business has increased, so data must be transferred quickly between internal and external people and systems.

www.IpswitchFT.com


Data is most vulnerable during transfer

  • Technology focus has been on minimizing the risk of data loss during collection and storage.

  • Technology for protecting data during transfer is available, but adoption is not keeping pace with the threats.

www.IpswitchFT.com


The Information Visibility Problem

  • Companies are failing to secure and manage the flow of sensitive information moving internally and externally:

    • 65 percent of companies surveyed have no visibility into files and data leaving their organizations.

    • 52 percent have no real visibility into internal file transfers.

    • Only 19 percent say they have complete visibility into files and data moving inside and outside their organization.

www.IpswitchFT.com


The External Device Problem

  • Increased reliance on external devices in the workplace is partly to blame:

    • More than 80 percent of IT executives admitted to using easily lost or stolen external devices like USB drives, smartphones and tablets to move and backup confidential work files.

    • 57 percent save work files to external devices at least once a week, a major security and compliance concern for businesses.

www.IpswitchFT.com


The Email Security Problem

  • More than 75 percent of IT executives surveyed send classified files and information via email attachments.

    • 26 percent of employees use personal email instead of work accounts to mask file transfer activity from management.

www.IpswitchFT.com


The Policy and Tool Enforcement Problem

  • Creating policies and providing tools simply isn’t enough…. It’s the enforcement of that policy and tool that is the critical step.

    • 55 percent said their companies provide – but do not enforce – policies and tools around sharing sensitive information

www.IpswitchFT.com


WikiLeaks Fails to Drive Preventive IT Action

  • In wake of one of the most revealing breaches in U.S. history, most companies are not taking the risks of losing business-critical information seriously.

    • 43 percent of companies ignored the business implications of WikiLeaks altogether.

    • Only 16 percent of companies implemented new policies and tools to protect against similar breaches.

    • Slightly less than 30 percent of companies discussed the implications with employees, but made no major changes to the way information is shared or protected.

www.IpswitchFT.com


2011 Information Technology Priorities

  • While many companies are still struggling to protect business-critical information, executives say that they’re making it a priority for 2011. Of the IT executives surveyed at the 2011 RSA Conference:

    • 40 percent ranked protecting sensitive information as a top priority in 2011.

    • 25 percent said securing cloud computing is important.

    • 20 percent said that managing the flow of information internally and externally is critical.

www.IpswitchFT.com


Employees will do what is necessary

  • Employees have proven that they will do whatever it takes to get their job done, with or without IT.

  • Employees whose job requires them to send information to other people such as co-workers, partners, vendors or customers have thousands of options at their disposal.

    • Personal email account

    • USB drive

    • Social media site

    • CD/DVD’s sent via courier

www.IpswitchFT.com


Risk is to the Business

  • File transfer supports core business processes

    • Ordering, claims processing, supply chain management, health care, financial transactions.

  • Data loss means

    • Orders don’t ship, claims don’t get processed, supplies don’t arrive, health care records are unavailable, and financial debits/credits don’t occur.

  • Compliance Threatened

www.IpswitchFT.com


Costs to the Business

  • Data loss incurs additional costs:

    • Average total per-incident costs in 2008 were $6.65 million

    • Average cost per data record in 2008 was $202

      2008 Annual Study: Cost of a Data Breach, Ponemon Institute 20 February 2009

  • Lost Revenue

  • Penalties

  • Damaged reputation

www.IpswitchFT.com


IT Needs…

  • IT needs solutions to:

    • Enable person-to-person, person-to-system and system-to-system file transfers

    • Create and enforce policies and rules that manage those file transfers

    • Encrypt transfers

    • Provide visibility into all data interactions

    • Enable compliance

www.IpswitchFT.com


MFT Capabilities

  • Protocols

    • FTP, FTPS, SFTP, HTTP, HTTPS, AS1/2/3

  • Encryption

    • SSL/TLS, SSH, AES, PGP, S/MIME, PKI, SHA

    • Provide Confidentiality and Integrity

  • Access Control

    • Control who has access to what data

    • Least-Privileged

  • Auditing, Logging and Reporting

    • Track every activity associated with transferring a file

  • Automation, scheduling, workflow

    • Provide Availability

www.IpswitchFT.com


The Three Things That Matter Most


Visibility

1. Provide visibility into all file and data transfer interactions, including files, events, people, policies & processes

www.IpswitchFT.com


Management

2. Manage, provision, and automate all file interactions, both internal and external to the company, organization or domain

www.IpswitchFT.com


Enforcement

3.Create and enforce administrator defined policies & rules

  • Server access rules

  • Security policies

  • Password policy

  • IP and user lockout rules

  • File extension rules

  • Domain rules

  • Encryption policy

  • Delivery notification rules

  • File size limitations

  • File expiration rules

  • Max server bandwidth (# files, storage space)

  • Max number of files that can be sent at a time

  • Max # of downloads

  • Multi-factor authentication

  • Guaranteed delivery

  • File Integrity

  • Non-repudiation

www.IpswitchFT.com


Real World Business Problems

  • Needs

  • Challenges

www.IpswitchFT.com


Two frequent scenarios

  • Regularly scheduled reoccurring transfers

    • Replace legacy or home-grown systems

  • Ad-Hoc person-to-person interactions

    • Send large or large sensitive data

www.IpswitchFT.com


Classic “bulk data transfer”

  • Used by Financial, Insurance and Health Care for years

  • Primarily B2B (not transactions)

  • Legacy Data Comm, FTP, MFT

  • Regularly scheduled, re-occurring transfers

  • Highly structured

  • Need

    • Encryption

    • Efficient on-boarding of partners and users

    • Policy Enforcement

    • Auditing and Reporting

    • Scheduling

    • SLA Monitoring

    • Sustainable key managment

    • Flexible deployment options (on-premises, hosted, hybrid)

www.IpswitchFT.com


Ad-Hoc Transfers

  • One-time or short-duration interactions between internal users and external customers, partners, clients, etc.

  • Examples

    • Marketing needs to send large image files to a contractor

    • Software vendor needs to send a patch to a specific customer

  • Sometimes a replacement for anonymous ftp

  • Bi-directional

    • Mortgage originator needs sensitive financial information from an applicant

www.IpswitchFT.com


Ad-Hoc Transfers

  • Need

    • Encryption

    • Self-service user provisioning

    • Client-less access for internal and external users

    • TTL and Max Download policies

    • Auditing and Logging

    • Appropriate file size limits (or no limits)

    • Archival for e-Discovery purposes.

    • Flexible deployment options (on-premises, hosted, SaaS)

www.IpswitchFT.com


Q&A

For more information about Ipswitch File Transfer’s

solutions, call 608-824-3600 or email

MOVEitSales@ipswitch.com.

www.IpswitchFT.com


  • Login